- From: Steven Bingler <bingler@chromium.org>
- Date: Fri, 14 Nov 2025 12:58:32 -0500
- To: iesg@ietf.org
- Cc: draft-ietf-httpbis-rfc6265bis@ietf.org, httpbis-chairs@ietf.org, ietf-http-wg@w3.org, mnot@mnot.net

Hello Zaheduzzaman,

Thank you for your review and apologies for the late reply. I had to take a hiatus.

> # The following two normative behaviors could easily be part of section 3
> overview. Is there any particular reason to put these in the introduction
> section ?

To maximize the chances that a reader will see those statements. There have been multiple issues in the past stemming from implementers choosing and implementing the wrong behavior for their application. These, along with Section 3.2, will hopefully help prevent that in the future.

> # Who are "we" in section 5.2.2 's Note?

This is now obsolete; that note was removed.

> # Can we be more specific on how section 5.2.2.2 is related to set-cookies and
> cookies header specification?

This subsection is related to how a request should be categorized: same-site or cross-site. Previous versions of the spec attempted to re-implement parts of the Service Worker spec that were specific to SameSite, but those attempts were insufficient. The current advice is to defer to the Service Worker's spec on how to define same-site-ness.

Relatedly, there is an in-progress update to the cookie spec that will more thoroughly decouple cookies from the various APIs that 6265bis attempts to integrate. See draft-ietf-httpbis-layered-cookies.

Thanks,
- Steven

Received on Friday, 14 November 2025 17:58:47 UTC